Hi,

Not really a subject I'm strong on however I believe the answer should be B and E (not B and D)

Why D is wrong:

The WLC does not need to know or list the portal FQDN under its virtual interface because it’s not hosting that FQDN or the certificate. Essentially, what I'm seeing is that D is only applicable when the WLC itself hosts the login portal or when you want the WLC to present a specific FQDN and certificate for HTTPS.  But in ISE deployments, particularly with CWA or guest portals, this does not apply.

Why E is correct: 

A new CSR is needed so that the certificate installed on ISE includes the new static FQDN in its SAN or CN field. Without this, browsers will show certificate errors when redirected to the guest portal.


If I am missing something let me know, thanks!

Hi,

I notice there was already a post about this and it was "incorrectly" corrected.

Answer should be the one that starts with 
"Access-list 100 deny tcp host 10.0.0.5 any eq 22"

Because CoPP will continue to forward traffic it does not match on, and it does not match on deny statements.

The question that is currently correct will match on the ip 10.0.0.5 (via permit) then the action is drop, which goes against the what the question is asking.

Thanks

Hi,

Sim is broken, BGP isn't converged so I cannot reach the tunnel destination from R22 (209.165.200.230) therefore cannot establish tunnel 10 connectivity.

Also, VRF config is not present on R22. No "VRF definition / address family" config existing.

Thanks

Hello me again  

The green answer is wrong because the actual code does:
u2.append(u101)

Which appends the entire list of fields [Device-ID, Local-Intf, Hold-time, Capability, Port-ID]
for each LLDP neighbor—not just the first element (hostname).

To make the script produce only the hostname I believe you would change that line to:
u2.append(u101[0])

u101[0] is the first element of that list—the Device ID or hostname.


I'm still quite new to this subject so if I'm wrong, forgive me but I think the logic I mentioned has some truth to it.

Thanks

I have an issue with "propriety syntax in configuration files based on Ruby" being allocated to Chef.

Why:
Because Chef uses plain ruby whereas puppet uses DSL. The wording "based on ruby" implies that chef isn't using "pure/plain" ruby instead it's using a branch of ruby which more accurately describes what puppet uses, that being DSL inspired by Ruby but not actually ruby.

Thanks

The correct answer is currently "A NETCONF request was made for a data model that does not exist".

Why I feel this is not accurate:

An empty <data/> element tells the administrator: “Your query succeeded, but there’s nothing under the subtree you asked for.” 
It does not indicate that the data model itself is missing.
RFC 6241 §7.1, second paragraph: “If the server has no data that matches the selection criteria… it MUST reply with an empty <data/> element.”


Maybe the answer should be along the lines of "A NETCONF request was made for data that does not exist".


Thanks

I believe the answer "If a router with a higher IP address and the same priority as the active router becomes available, that router becomes the new active router 5 seconds later.” is incorrect for this reasoning:


Even in the case of pre-emption on the new router - 

Pre-emption triggers only when the newcomer’s priority is higher than the current active router. A higher IP address breaks a tie during the initial election, but it does not pre-empt an already-active router whose priority is equal. The 5-second delay therefore would not apply in that equal-priority scenario.

First attempt and passed! 6/2/2025

I got 48 MCQ, 1 drag and drop, and 3 sims.

Sims are spot on, I got the Ipsec v2, the telnet, and timestamps sims.

There were about 10 new questions that were not in H2P but if you study the material on top of H2P you won't have issues passing. Study and do the sims and the test will be a breeze.

I prepped for about 2 months before my exam and I went through all the h2p questions and sims and did not stop until I was able to almost recite every question and answer. For topics I did not know I went and did the research and studied the concepts.  

I have always used h2p ever since college and I have passed all exams first try from CCNA to the old CCNP (3 test) to the new Encore and now Enarsi exams. 

Goodluck to all future test takers!

AR517 AR683 Duplicate question

AR507 and AR667 are the same question but give two different answers. 

I would think that LDP is the correct answer given the explanation. AR507 states MP-BGP is the answer but is not correct.